6 Myths About GDPR

“It only applies to big business”
It applies to ANY organisation of ANY size that stores or processes personal data.

“It doesn’t apply to me as I don’t store people’s home addresses and phone numbers”
Personal data is any data that can be used to identify an individual.

“I pay my annual fee to the ICO, so I’m covered”
Compliance with GDPR is about following the rules and having the documented evidence to show the ICO should they request it. There is no “sign-up” for GDPR!

“I’ve attended a GDPR course, so I’m covered”
There is no certification process for GDPR – you have to follow the rules to demonstrate compliance.

“I’ll never get caught”
This may indeed be true, but remember that if a single complaint is made to the ICO by a client, patient, or employee, the ICO has an obligation to investigate.

“It’s no different to the Data Protection Act”
GDPR is VERY different to the DPA. The rights of individuals have been enhanced and the penalties are much more severe.